Changed csrf(): next(403) to allow error handling

zzen · Oct 2, 2011 · 524a83d · 524a83d
1 parent cff9374
commit 524a83d
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/lib/middleware/csrf.js b/lib/middleware/csrf.js
@@ -83,7 +83,7 @@ module.exports = function csrf(options) {
     var val = value(req);
 
     // check
-    if (val != token) return utils.forbidden(res);
+    if (val != token) return next(403);
 
     next();
   }